#!/bin/bash
set -euo pipefail
# Configuring the timeserver for the platform is often handled
# by pre-baking a config into a particular image for a platform, but
# that doesn't work for us because we have a single update stream.  Hence
# this service dynamically inspects the platform and reconfigures chrony.
#
# AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html
# Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync
# GCP: https://cloud.google.com/compute/docs/instances/managing-instances#configure-ntp
#
# Originally spawned from discussion in https://github.com/openshift/installer/pull/3513

self=$(basename "$0")

# Exit early if chrony configuration has been changed from the image default
if ! cmp {/usr,}/etc/chrony.conf >/dev/null; then
    echo "$self: /etc/chrony.conf is modified; not changing the default"
    exit 0
fi
if ! cmp {/usr,}/etc/sysconfig/chronyd >/dev/null; then
    echo "$self: /etc/sysconfig/chronyd is modified; not changing the default"
    exit 0
fi

IFS=" " read -r -a cmdline <<< "$(</proc/cmdline)"
cmdline_arg() {
    local name="$1" value
    for arg in "${cmdline[@]}"; do
        if [[ "${arg%%=*}" == "${name}" ]]; then
            value="${arg#*=}"
        fi
    done
    echo "${value}"
}
platform=$(cmdline_arg ignition.platform.id)

# Exit early if the ptp_kvm module can't be loaded for the qemu platform
if [[ ${platform} == "qemu" ]]; then
    modprobe -q ptp_kvm || exit 0
fi

mkdir -p /run/nestos
confpath=/run/nestos/platform-chrony.conf
altenvfilepath=/run/nestos/sysconfig-chrony

# If not set already (by host customization or this script), set
# PEERNTP=no so that DHCP-provided NTP servers are not added to chrony.
# By doing this we assume the better NTP server choice is the
# platform-provided link-local NTP server rather than others from DHCP.
# TODO: once https://bugzilla.redhat.com/show_bug.cgi?id=1828434 is
# resolved, this won't be required.
if [ ! -e /etc/sysconfig/network ] || ! grep -q "PEERNTP" /etc/sysconfig/network; then
    # Historically on QEMU, we haven't been disabling PEERNTP. Let's keep doing
    # that even if we have ptp_kvm. chrony will just use the NTP servers as
    # additional sources.
    if [[ ${platform} != "qemu" ]]; then
        cat <<EOF >> /etc/sysconfig/network
# PEERNTP=no is automatically added by default when a platform-provided time
# source is available, but this behavior may be overridden through an Ignition
# config specifying PEERNTP=yes. See https://github.com/coreos/fedora-coreos-config/pull/412.
PEERNTP=no
EOF
    fi
fi

(echo "# Generated by $self - do not edit directly"
 sed -e s,'^makestep,#makestep,' -e s,'^pool,#pool,' -e s,'^leapsectz,#leapsectz,' < /etc/chrony.conf
cat <<EOF

# Allow the system clock step on any clock update.
# It will avoid the time resynchronization issue when VMs are resumed from suspend.
# See https://bugzilla.redhat.com/show_bug.cgi?id=1780165 for more information.
makestep 1.0 -1

EOF
) > "${confpath}"
case "${platform}" in
    azure | azurestack)
        # the /dev/ptp_hyperv symlink is created by:
        # https://github.com/systemd/systemd/blob/e67a5c14f0345f5ac456cfa109324dd9e70114d3/rules.d/50-udev-default.rules.in#L106
        (echo '# See also https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync'
         echo 'refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0'
         echo 'leapsectz right/UTC'
        ) >> "${confpath}" ;;
    aws | ec2)
        (echo '# See also https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html'
         echo 'server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4'
        ) >> "${confpath}" ;;
    gcp | gce)
        (echo '# See also https://cloud.google.com/compute/docs/instances/managing-instances#configure-ntp'
         echo '# and https://cloud.google.com/compute/docs/images/configuring-imported-images'
         echo 'server metadata.google.internal prefer iburst'
        ) >> "${confpath}" ;;
    qemu)
        sed -i s,'^#pool,pool,' "${confpath}"
        (echo '# KVM virtual PHC'
         echo 'refclock PHC /dev/ptp0 poll 2'
        ) >> "${confpath}" ;;
    *) echo "should not be reached" 1>&2; exit 1 ;;
esac
# Policy doesn't allow chronyd to read run_t
chcon --reference=/etc/chrony.conf "${confpath}"


# Read in the existing $OPTIONS variable setting from /etc/sysconfig/chronyd
# and write out a new $OPTIONS variable (with specified new configuration path)
# to /etc/sysconfig/chronyd
source /etc/sysconfig/chronyd
echo "OPTIONS='${OPTIONS} -f ${confpath}'" > ${altenvfilepath}

echo "$self: Updated chrony to use ${platform} configuration ${confpath}"
